CVE-2009-2701

Description

Unspecified vulnerability in the Zope Enterprise Objects (ZEO) storage-server functionality in Zope Object Database (ZODB) 3.8 before 3.8.3 and 3.9.x before 3.9.0c2, when certain ZEO database sharing and blob support are enabled, allows remote authenticated users to read or delete arbitrary files via unknown vectors.

Risk Information

Base Score

9.8

MODERATE

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score

Exploitation Probability

0.419

Associated Vulnerability

Vulnerability	OS Platform
Vulnerabilities CVE-2009-2701 are fixed in Python-zodb3 3.8.3	Windows
Vulnerabilities CVE-2009-2701 are fixed in Python-zodb3 3.9.0c2	Windows
Vulnerabilities CVE-2009-2701 are fixed in Python-zodb3 for linux 3.8.3	Linux
Vulnerabilities CVE-2009-2701 are fixed in Python-zodb3 for linux 3.9.0c2	Linux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234